• Resolved ilkork

    (@ilkork92)


    Hello there, thank you very much for your plugin.

    I installed it and immediately got A+ on securityheaders.com and 88 on serpworx.com. But I also got a warning in Chrome DevTools regarding a deprecated feature being used:

    “The Expect-CT header is deprecated and will be removed. Chrome requires Certificate Transparency for all publicly trusted certificates issued after April 30, 2018.”

    Also, PageSpeed Insights lowered best practices after these findings:
    1) Uses deprecated APIs (but I can’t find which API it’s for).

    2) Ensure CSP is effective against XSS attacks.

    • script-src directive is missing. This can allow the execution of unsafe scripts.
    • Missing object-src allows the injection of plugins that execute unsafe scripts. Consider setting object-src to ‘none’ if you can.

    I don’t want to share my website URL. Would it be possible to email you so you can have a look, please?

    Kind regards,
    Ilias

    • This topic was modified 2 years, 3 months ago by ilkork.
Viewing 1 replies (of 1 total)
  • Thread Starter ilkork

    (@ilkork92)

    Hello @fierevere , we meet again in this post.

    I understand that you removed the reply from the plugin author, even though I requested their email address so that there is more security regarding my problem.

    Just a quick question. What happens if there is indeed a security issue, that’s why someone can’t share his website URL and the only solution would be to contact the plugin author privately? I can’t seem to find a “Make topic private” button here in WordPress…

    Because as I understand it, Google warns me that “script-src directive is missing. This can allow the execution of unsafe scripts”. Am I just going to display my website URL so that anyone skilled enough can perform that type of execution of unsafe scripts?

    Regards,
    Ilias

    • This reply was modified 2 years, 3 months ago by ilkork.
    • This reply was modified 2 years, 3 months ago by ilkork. Reason: typos
  • The topic ‘Deprecated Features-Google Warnings’ is closed to new replies.
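
The Expect-CT warning and the two CSP findings quoted in the thread can be checked locally against a copy of the response headers, without posting the site URL. This is an added example, not part of the original thread or the plugin's code; the function names and sample headers are constructed, and a single CSP header value is assumed.

```python
# Added example. Sample headers below are constructed, not from the poster's site.

def parse_csp(value):
    """Parse one Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers; the first one wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def audit_headers(headers):
    """Return findings for a dict of response headers (names case-insensitive)."""
    h = {name.lower(): value for name, value in headers.items()}
    findings = []
    if "expect-ct" in h:
        findings.append("expect-ct: deprecated header is still sent")
    if "content-security-policy" not in h:
        findings.append("csp: no Content-Security-Policy header")
        return findings
    policy = parse_csp(h["content-security-policy"])
    for directive in ("script-src", "object-src"):
        # Both directives fall back to default-src when they are absent.
        if directive not in policy and "default-src" not in policy:
            findings.append(directive + ": missing, with no default-src fallback")
    return findings


# Constructed "before" and "after" header sets.
BEFORE = {
    "Expect-CT": "max-age=86400, enforce",
    "Content-Security-Policy": "upgrade-insecure-requests; frame-ancestors 'self'",
}
AFTER = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
}

if __name__ == "__main__":
    for label, hdrs in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_headers(hdrs) or "no findings")
```

An empty result only means the directives are present; whether their source lists are strict enough is a separate question.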